Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: PIX vs. Linux

  1. #1

    Question PIX vs. Linux

    Just wondering what you lot would prefer and why: a Cisco PIX 501 firewall or a Linux firewall? If any of can mention the pros and cons it would be very helpful.

    Thanks in advance.

  2. #2

    Post

    The Cisco Pix firewall seems to be an actual hardware firewall built specifically for this purpose, while a linux firewall is an actual computer that acts as a gateway/firewall to the internet in a similar fashion. Both would seem to provide very good protection if set up correctly. The main advantage of the linux firewall would have to be cost. For more info on the Cisco Pix go to
    http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/
    Jealousy consumes the weak.
    http://www.badconnections.net

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I'd choose the PIX. It's an appliance. May cost more but it's much harder to get through.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    I'd say wichever your more familiar with.

    Getting a PIX and then ****ing the config is no more secure than a Linux box.

    Plus there are needs.

    Do you need auth and crypt in PIX? or is just basic packet filtering + stateful inspection..

    Anyways, if you wanna go for a rock-solid appliance get the Nokia series with CPNG pre-installed. Those come with a really hardened OS and allow the installation of other software <actually, only ISS's RealSecure> and are setup for routing purposes along side with a cute and handsome 'lil web-based configurator called Voyager

    etsh911

  5. #5
    What exactly is PIX? Is it a fancy packet filter? Is the PIX vulnerable to spoofing attacks?
    thanks

  6. #6
    Junior Member
    Join Date
    Feb 2002
    Posts
    5
    The Cisco PIX is hardware firewall that can do NAT, IP filtering and depending on the model IPSec connections. The major problem I've seen with the PIX is the lack of true port filtering rules. The PIX comes out of the box denying all inbound, which is nice for a security but unless your really familiar with the CLI that cisco has it can be confusing on how to set everything up on it.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    first of all...the PIX is a stateful firewall just like any other.

    With the Pix, you can do anything any other firewall can do. So vittu, you are incorrect in saying that there is a lack of port filtering rules. You use access-lists that can be used to specify ANY port.

    and YES...of course the PIX come out of the box denying all traffic. This is what you want. Why would you want to close every port you dont need instead of just opening the ports you do. Besides even if you wanted to change that, you could just issue the following commands.

    access-list acl-out permit IP any any
    *defines all traffic to be permitted

    accesgroup acl-out in interface outside
    *applies the access-list rules to the outside interface

    The PIX501 is also a small SOHO device that has a very simple configuration interface, so you would not have to worry about the CLI stuff anyway. It is a very good product.

    I know mrwall is a very big CP advocate, and so am I, but the PIX is also a very good firewall and I think he would agree with me.

    Bottom Line: either CP soho or PIX 501....i would probably stay away from the linux firewall for the sake of simplicity..

  8. #8
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432
    Hey ive noticed something thats called frankin pix.....someone has taken the cisco ios and ripped so that you can flash it into a intel based mother board. When you but up it looks just like the pix firewall.Its supposed to be way cool I haven't had a chance to mess with it yet.
    I toor\'d YOU!

  9. #9
    Junior Member
    Join Date
    Oct 2001
    Posts
    15

    Talking Tell me if im wrong ?

    Here is my experience in case you care
    Pix is extremely secure and easy to use iffffff and only ifffff you have a set of ip addresses under the same subnet ...
    Now ... trouble started when my network started growing and when i had to divide my network in zones , now that is the shitty part, configuration jumped from being a nice 1/2 an hour experience into a 4 days nightmare ...
    The manual is useless when having a not so typical network like most people i know...
    Now with a linux based firewall things were just like heaven again ,
    i got the phoenix adaptive firewall ... and if i get assigned another subnet i just add another nic into the box ... voila ... add it on the linuxconf, add it on the firewall and im a happy guy.
    I've had a couple security companies try to pop my linux firewalls 3 times already no luck baby ... i can sleep at nights... just install a plain copy of linux ... stop all the services you dont need and install your firewall ... it will be a steady hard-ball-breaking firewall as the pix lovers describe the pix.
    I just think Cisco is over rated, over priced, over ordered, over known ...
    again ... just my opinion.


    Felo

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Configuring a PIX is no different whether you have one subnet or 1000 subnets. If you had problems due to multiple subnets, it is more than likely a routing issue. i would like to hear more specifics of exactly where you had problems with the multiple subnet issue.

    I have configured the PIX on networks with literally hundreds of subnets, and never once had any issues (other than the fact that access-lists can get a bit long and confusing). But you still have the same problem on linux FW's

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •